22 matches found
EUVD-2007-5806
Malware in sbrugna...
EUVD-2006-3794
Malware in sbrugna...
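AFCommerce 'rootpathtocart' Parameter Multiple Remote File Inclusion Vulnerabilities
Bugtraq ID: 64541 Afcommerce is a free online store software package. Afcommerce does not properly filter user-submitted input, allowing remote attackers to exploit the vulnerability to include remote files and execute them with web privileges. 0 AFCommerce No detailed solution is currently available: http://www.afcommerce.com/ http://www.example.com/afcontrol/adblock.php?rootpathtocart=RFI http://www.example.com/afcontrol/adminpassword.php?rootpathtocart=RFI...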
AFCommerce Remote File Inclusion
o AFCommerce a.k.a Amazing Flash Commerce = Remote File Inclusion Vulnerability Software : AFCommerce Professional Edition Version : n/a Vendor : http://www.afcommerce.com/ Author : NoGe Contact : nogedotcodeatgmaildotcom Desc : AFCommerce is a full and complete online store with both a store fro...
AFCommerce - adblock.php Remote File Inclusion
AFCommerce - adblock.php Remote File Inclusion source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentiall...
AFCommerce - 'controlheader.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary...
AFCommerce - 'adblock.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary...
AFCommerce - controlheader.php Remote File Inclusion
AFCommerce - controlheader.php Remote File Inclusion source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...
AFCommerce - adminpassword.php Remote File Inclusion
AFCommerce - adminpassword.php Remote File Inclusion source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...
AFCommerce - 'adminpassword.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary...
SQL injection
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
CVE-2007-5836
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
CVE-2007-5836
CVE-2007-5836 documents a SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart. The affected component/entry points are an unspecified component via the firstname parameter (and related references indicate a similar issue via the search field). The root cause is SQL injection all...
CVE-2007-5836
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely fro...
CVE-2006-3800
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box...
CVE-2006-3794
SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried...
AFCommerce Shopping Cart
The 'Demo Store' version of the AFCommerce Shopping Cart (www.afcommerce.com) is vulnerable to both SQL Injection and Cross Site Scripting (XSS). SQL Injection can be tested by inserting the classic 'or 1=1-- into the search field. The result is that the first record is returned. We can also perform ...
CVE-2006-3800
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box...
CVE-2006-3794
SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried...
CVE-2006-3794
CVE-2006-3794 describes a SQL injection vulnerability in the Amazing Flash AFCommerce Shopping Cart. The flaw allows remote attackers to execute arbitrary SQL commands via the search field, potentially enabling data access/manipulation. The affected component is the AFCommerce Shopping Cart searc...